Privacy Policy

1. Introduction & Data Controller

This Privacy Policy explains how Gusto ("we", "us") collects and protects your data. We operate strictly under Art. 6 GDPR regulations.

Data Controller:
[Company Name / Your Name]
[Address]
Contact: [email protected]

2. What Data We Collect

We believe in data minimization. We only collect the minimal information required to provide the core functionality of the App:

• Account Information (Strictly Necessary): When you sign up, we collect your Email Address. This is used essentially for authentication and account recovery.
• App Usage Data: Your preferences, pantry items, and saved recipes are stored to provide the service (Legal Basis: Contractual Performance, Art. 6(1)(b) GDPR).

We do not collect phone numbers, physical addresses, or track your location.

3. Data Processors (Third Parties)

To provide our secure infrastructure, we use trusted sub-processors:

• Supabase (Authentication & Database): We use Supabase to securely store your email and user data. Supabase is GDPR-compliant and encrypts data at rest.
• Apple App Store & Google Play (Payments): All subscription payments are processed directly by Apple or Google. We strictly do not have access to your credit card or financial information.

4. Your Rights (GDPR)

You have full control over your data. You have the right to:

• Request Access: Ask for a copy of all data we hold about you.
• Right to be Forgotten: You can delete your account directly within the App settings. This will permanently erase your email and data from Supabase.
• Data Portability: Request your data in a machine-readable format.

5. Data Security

Your email and data are stored in a database secured with Row Level Security (RLS) and encryption. Authentication tokens are handled securely via Supabase Auth services.

6. Changes

We may update this policy. Significant changes will be notified via email (if you have opted in) or an in-app notice.